2 * Copyright (C) 2018 Daniel Golle <daniel@makrotopia.org>
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 3
6 * as published by the Free Software Foundation
8 * This program is distributed in the hope that it will be useful,
9 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 * GNU General Public License for more details.
29 #include <json-c/json.h>
30 #include <libubox/blob.h>
31 #include <libubox/utils.h>
32 #include <libubox/list.h>
33 #include <libubox/vlist.h>
34 #include <libubox/blobmsg_json.h>
38 #define CERT_BUF_LEN 4096
57 static const struct blob_attr_info cert_policy
[CERT_ATTR_MAX
] = {
58 [CERT_ATTR_SIGNATURE
] = { .type
= BLOB_ATTR_BINARY
},
59 [CERT_ATTR_PAYLOAD
] = { .type
= BLOB_ATTR_NESTED
},
62 enum cert_payload_attr
{
63 CERT_PL_ATTR_CERTTYPE
,
65 CERT_PL_ATTR_VALIDFROMTIME
,
66 CERT_PL_ATTR_EXPIRETIME
,
68 CERT_PL_ATTR_KEY_FINGERPRINT
,
78 static const struct blobmsg_policy cert_payload_policy
[CERT_PL_ATTR_MAX
] = {
79 [CERT_PL_ATTR_CERTTYPE
] = { .type
= BLOBMSG_TYPE_INT8
},
80 [CERT_PL_ATTR_CERTID
] = { .type
= BLOBMSG_TYPE_INT64
},
81 [CERT_PL_ATTR_VALIDFROMTIME
] = { .type
= BLOBMSG_TYPE_INT64
},
82 [CERT_PL_ATTR_EXPIRETIME
] = { .type
= BLOBMSG_TYPE_INT64
},
83 [CERT_PL_ATTR_PUBKEY
] = { .type
= BLOBMSG_TYPE_STRING
},
84 [CERT_PL_ATTR_KEY_FINGERPRINT
] = { .type
= BLOBMSG_TYPE_STRING
},
88 static int cert_load(const char *certfile
, struct blob_attr
*certtb
[]) {
90 struct blob_buf certbuf
;
92 char filebuf
[CERT_BUF_LEN
];
95 blob_buf_init(&certbuf
, 0);
97 f
= fopen(certfile
, "r");
102 len
= fread(&filebuf
, 1, CERT_BUF_LEN
- 1, f
);
103 blob_put_raw(&certbuf
, filebuf
, len
);
104 } while(!feof(f
) && !ferror(f
));
112 return (blob_parse(certbuf
.head
, certtb
, cert_policy
, CERT_ATTR_MAX
) != 0);
115 static int cert_append(const char *certfile
, const char *pubkeyfile
, const char *sigfile
) {
116 fprintf(stderr
, "not implemented\n");
120 static int cert_dump(const char *certfile
) {
121 struct blob_attr
*certtb
[CERT_ATTR_MAX
];
123 if (cert_load(certfile
, certtb
)) {
124 fprintf(stderr
, "cannot parse cert\n");
131 static int cert_issue(const char *certfile
, const char *pubkeyfile
, const char *seckeyfile
) {
132 struct blob_buf certbuf
;
133 struct blob_buf payloadbuf
;
135 blob_buf_init(&payloadbuf
, 0);
138 blob_buf_init(&certbuf
, 0);
140 fprintf(stderr
, "not implemented\n");
144 static int cert_process_revoker(const char *certfile
) {
145 fprintf(stderr
, "not implemented\n");
149 static int cert_verify(const char *certfile
, const char *pubkeyfile
, const char *pubkeydir
, const char *msgfile
) {
150 fprintf(stderr
, "not implemented\n");
154 static int usage(const char *cmd
)
157 "Usage: %s <command> <options>\n"
159 " -A: append (needs -c and -p and/or -x)\n"
161 " -I: issue cert and revoker (needs -c and -p and -s)\n"
162 " -R: process revoker certificate (needs -c)\n"
163 " -V: verify (needs -c and -p|-P)\n"
165 " -c <file>: certificate file\n"
166 " -m <file>: message file (verify only)\n"
167 " -p <file>: public key file\n"
168 " -P <path>: public key directory (verify only)\n"
169 " -q: quiet (do not print verification result, use return code only)\n"
170 " -s <file>: secret key file (issue only)\n"
171 " -x <file>: signature file\n"
177 int main(int argc
, char *argv
[]) {
179 const char *msgfile
= NULL
;
180 const char *sigfile
= NULL
;
181 const char *pubkeyfile
= NULL
;
182 const char *pubkeydir
= NULL
;
183 const char *certfile
= NULL
;
184 const char *seckeyfile
= NULL
;
187 while ((ch
= getopt(argc
, argv
, "ADIRVc:m:p:P:qs:x:")) != -1) {
226 return usage(argv
[0]);
232 if (certfile
&& (pubkeyfile
|| sigfile
))
233 return cert_append(certfile
, pubkeyfile
, sigfile
);
235 return usage(argv
[0]);
238 return cert_dump(certfile
);
240 return usage(argv
[0]);
242 if (certfile
&& pubkeyfile
&& seckeyfile
)
243 return cert_issue(certfile
, pubkeyfile
, seckeyfile
);
245 return usage(argv
[0]);
248 return cert_process_revoker(certfile
);
250 return usage(argv
[0]);
252 if (certfile
&& (pubkeyfile
|| pubkeydir
))
253 return cert_verify(certfile
, pubkeyfile
, pubkeydir
, msgfile
);
255 return usage(argv
[0]);
257 return usage(argv
[0]);
261 return usage(argv
[0]);